1. Field of the Invention
The present invention is generally related to establishing secure connections between Web-application clients and servers communicating using non-HTTP protocols and, in particular, to a gateway server mediated secure authentication and credential management system supporting Web-browser based Web application clients connecting with remote server-based Web services using non-HTTP communications protocols.
2. Description of the Related Art
A substantial aspect of the ongoing development of Web-based technologies is directed to providing increased support for distributed, networked applications. This effort has resulted in the development of WebSockets as a connection-oriented basis for bidirectional transmission of data between Web-browser based client applications and Web services provided on server systems remotely located relative to the Web-browser based client applications.
Distributed, networked applications are conventionally architected using a client-server model where the client executes a dedicated application that ideally communicates through a persistent, bidirectional connection with a server system executing a corresponding service application. Authentication credentials are supplied by the client during initialization of the connection. The authentication persists until the client application releases the connection or otherwise shuts down. While the connection is operational, the client and server communicate using whatever protocol is most appropriate for the service provided and the nature of the data being exchanged.
Conventional Web-browser clients are, however, page and HTTP protocol oriented. By design, conventional Web-browsers will tear down existing local state whenever the client transitions from one page to another. Connections, including any related authentication data, are held as document or page oriented local state. Page transitions therefore naturally result in the termination of existing connections. Non-page state data can be stored by conventional Web-browser clients as cookies. Allocated by the server system, these cookies can be manipulated to store information that allows authenticated connections to be autonomously restored as needed for the duration of a server defined session. Access to and manipulation of session cookies in this manner is effectively limited to use of the HTTP protocol as natively supported by conventional Web-browser clients. Although the WebSockets protocol allows conventional HTTP cookies to be transmitted during the initial connection phase of establishing a WebSockets connection, the higher-level protocols hosted on WebSocket connections cannot access or use these cookies.
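By way of added illustration, not part of the original specification, the following JavaScript (Node.js) sketch shows where the cookie travels on the wire: it appears only in the HTTP upgrade request, while a subsequent WebSocket data frame carries nothing but opcode, length, mask and payload. The host name, cookie value and the STOMP-like `CONNECT` message are constructed sample values, and the function names are hypothetical.

```javascript
// Constructed sample: opening handshake as sent by a Web-browser client.
const handshake = [
  'GET /service HTTP/1.1',
  'Host: gateway.example',
  'Upgrade: websocket',
  'Connection: Upgrade',
  'Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==',
  'Sec-WebSocket-Version: 13',
  'Cookie: SESSIONID=constructed-session-value',
  '', ''
].join('\r\n');

// Parse the HTTP upgrade request headers into a lower-cased map.
function parseHandshakeHeaders(raw) {
  const headers = {};
  for (const line of raw.split('\r\n').slice(1)) {
    const i = line.indexOf(':');
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return headers;
}

// Build a masked client-to-server text frame (RFC 6455, payload under 126 bytes).
function buildClientTextFrame(text, maskKey) {
  const payload = Buffer.from(text, 'utf8');
  if (payload.length > 125) throw new RangeError('example handles short frames only');
  const frame = Buffer.alloc(6 + payload.length);
  frame[0] = 0x81;                      // FIN=1, opcode=1 (text)
  frame[1] = 0x80 | payload.length;     // MASK=1, 7-bit length
  maskKey.copy(frame, 2);               // 4-byte masking key
  for (let i = 0; i < payload.length; i++) frame[6 + i] = payload[i] ^ maskKey[i % 4];
  return frame;
}

// Decode a short frame: the only fields present are FIN, opcode, length, mask, payload.
function parseFrame(frame) {
  const masked = (frame[1] & 0x80) !== 0;
  const len = frame[1] & 0x7f;
  if (len > 125) throw new RangeError('example handles short frames only');
  const offset = masked ? 6 : 2;
  const payload = Buffer.from(frame.subarray(offset, offset + len));
  if (masked) for (let i = 0; i < len; i++) payload[i] ^= frame[2 + (i % 4)];
  return { fin: (frame[0] & 0x80) !== 0, opcode: frame[0] & 0x0f, payload: payload.toString('utf8') };
}

const headers = parseHandshakeHeaders(handshake);
// Constructed hosted-protocol message; it has no field that references the cookie.
const frame = buildClientTextFrame('CONNECT\nlogin:alice\n\n', Buffer.from([0x11, 0x22, 0x33, 0x44]));
const decoded = parseFrame(frame);
console.log({ cookieInHandshake: headers.cookie, hostedProtocolSees: decoded });
```

Because the frame layout has no header section, any credential the hosted protocol needs must be carried inside its own payload or supplied by an intermediary that observed the handshake.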
Consequently, a need exists for a system and methods that will allow WebSocket and other non-HTTP protocol connections to be utilized between Web-browser client and server applications while functionally maintaining state in a secure manner subject to the conventional operational nature of Web-browser clients.